Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Certificate Template for a Server Cert

nadavc2
Engager
‎06-25-2020 07:34 AM

Hello,

I have a Windows CA Server to sign my own requests.

For the Web Certificate I have used the "Web Server" template.

What template should I use for the server.pem? What purposes should it include?

Thank you

Labels (3)
Tags (2)
0 Karma
Reply

brettw
Splunk Employee
Splunk Employee
‎04-21-2021 10:31 AM

Same format (export from certmgr.msc as Base-64 encoded X.509 (.CER)).  Then change the extension.

The only difference is that the server PEM requires the full certificate chain in the file:  Subject, Intermediate(s), Root.

You'll also need to specify the issuing CA and its chain all the way to the root in a separate PEM file which is referenced in server.conf.

Relevant Documentation for Forwarding

Relevant Documentation for Splunk-to-Splunk

All about PEM files and third-party certificates

Finally, a word of caution.  Keep good track of where you install ALL of your certificates.  You do not want them to expire.  This happened to me, and it wasn't pretty.  If you have a two-year validity, just renew them all annually.

0 Karma
Reply

Jarohnimo
Builder
‎04-21-2021 10:14 AM

This is actually a very fair question. The web server template does include the common name field that you entered in your csr and i think that's one of the main things required. 

I'm testing something now in my environment and these are the only template available that i can see.

Capture.JPG

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...